I have gathered a good overview of the new features for both iOS 6 and iPhone 5, drawn from the various news and announcements earlier today, that may be helpful. I have compressed the information into some brief tables to better organize the content.

iOS 6 Cheat Sheet

This latest iOS release provides a slew of new features. While mostly geared to the consumer market, here is a possible list of business related features known at this time that may be beneficial to have knowledge of or promote.

Availability: General public availability on September 19th. Over-The-Air upgrades on supported models running iOS 5 or above.

Passbook:
- New app that manages a user's boarding passes, movie tickets, retail coupons, loyalty cards, etc. in one app.
- Passes are updated in real time if changes are made (e.g. spending money on a store card, flight time, gate change, etc.).
- Passes are location and time-based, appearing on the lock screen when relevant.

Settings:
- "Bluetooth" moved to top of Settings list.
- Added "Do Not Disturb" mode, allowing users to avoid calls and notifications unless calling parties are in the user's Favorites group.
- New Privacy Controls. Apps must now ask for permission to access the user's photos, calendars, contacts and reminders.
- "Wi-Fi plus cellular" option added under "Cellular", to allow apps to use data over cellular if experiencing issues establishing a connection through Wi-Fi.

Phone:
- Adds phone icon on lock screen for additional ignoring options, similar to the camera sliding icon on the lock screen in iOS 5.1.
- When ignoring a call, the user can message the caller, set a Reminder to call them back later, or send one of three customizable quick SMS responses.

AppStore:
- Updating an app no longer requires the iTunes password to be entered.
- Install free apps without an Apple ID. (This feature, however, appears to have been removed since the beta?)

Accessibility Guided Access:
- Allows user to lock exiting of the app in Single App Mode.
- Allows users to disable certain controls within a specific app.
- Locks the home button so the device acts like a kiosk.

iPhone 5 Cheat Sheet

All-in-all an impressive new device it appears. A quick run down of the technical details is below, although there are some gaps that I list afterwards.

For end-users that have already chosen iOS over Android in today’s market, the iPhone 5 brings a larger screen and the same ease of use if your end-users are comfortable with the iOS platform. The LTE connectivity and faster CPU will also assist the power and information hungry end-users. It is also the lightest phone device Apple has created so far.

Availability: Pre-orders start on Friday September 14th. Shipping on September 21st in the US, Canada, UK, Germany, France, Australia, Japan, Hong Kong and Singapore. 22 more countries starting on September 28th.

Pricing: Same price as the 4S in the US. $199 for 16GB, $299 for 32GB, $399 for 64GB. iPhone 4 is now free on contract. iPhone 4S is now $99 on contract.

Audio - Mics: The audio system has three microphones: front, bottom, and back. This is for voice recognition and noise cancelation.

Audio - Speaker: Five magnets in the transducer, a new speaker design, and smaller overall: 20% smaller than the iPhone 4S speaker.

A new dynamic low light mode. It evaluates nearby pixels to give up to 2 f-stops greater low-light performance. A new image processor in the A6 to reduce noise and includes a so-called "smart filter" to do better at color-matching. 40% faster image capture.

Something that many global customers are asking for is VPP support outside of the United States for their end-users. It appears that day has finally arrived.

As of today the following countries have now been added: Australia, Canada, France, Italy, Germany, Japan, New Zealand, Spain, United Kingdom.

No word if additional countries will be added later on, but it appears to be a similar approach as to any AppStore changes with the larger ones first. For the latest always hit up the main page here: http://www.apple.com/business/vpp/.

To access and purchase apps in each country necessary, it appears you must use your VPP Apple ID with the correct country store link containing the 2-character country code. This table also provides the current link (could change in the future) of the local language VPP Guide if you need it:

It’s a little late, but I’m first now catching up on some of the recent news. :-) With the BlackHat and DefCon conferences in Las Vegas recently completed, there was a flurry of security news in the last few months. Here is a brief run-down of some highlights I found as they possibly affect the mobile computing world.

Take away: Google bouncer app verification holes, how to make your internal or public applications more secure.

BTW, Google has now updated their Developer policy as of August 1st 2012 (unknown if Trustwave helped push this along): http://play.google.com/about/developer-content-policy.html. Google is now combatting spam, malware, and SMS/email usage. Any app updates made after 30 days of this new policy that don’t comply are subject to warning or removal from Google Play immediately. This is excellent news!

A component that most Mobile Device Management (MDM) products use today is the Simple Certificate Enrollment Protocol (SCEP). Its adoption was propelled by Apple's use of it for iOS 4 devices in 2010; Cisco and VeriSign designed it in early 2000. The protocol was designed to make the issuing and revocation of digital certificates as scalable as possible. Its usage in MDM solutions for the growing BYOD footprint, especially, could be of concern.

It stated: “An attacker could elevate their permissions by requesting a certificate of a different, possibly higher privileged user that would allow them to access resources that they would not otherwise be able to access.”

Mark Diodati from Gartner has pointed out that the following vendors have modified or proxied their SCEP enrollment process so that better validation of the distinguished name is performed, to better protect against this potential vulnerability:

AirWatch, Good Technology, Fiberlink, MobileIron, and Zenprise

The same can also be said about Silverback MDM, and probably several other vendors. If you are concerned you should ping your vendor and get more details.
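One way an enrollment proxy can perform the distinguished-name validation described above, as an added example (not code from any of the vendors named): each one-time challenge is bound to the identity it was issued for, and a request naming anyone else is refused before it reaches the CA. The class and function names are hypothetical, and the CSR subject and subjectAltName values are assumed to have been parsed out of the PKCS#10 request already.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class PendingEnrollment:
    subject_cn: str      # identity the challenge was issued to
    expires_at: float    # absolute expiry time in seconds


class EnrollmentGateway:
    """Hypothetical front end that vets a request before the SCEP CA sees it."""

    def __init__(self, ttl_seconds=600, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}   # sha256(challenge) -> PendingEnrollment

    @staticmethod
    def _key(challenge):
        # Store only a digest so a leaked table does not expose live challenges.
        return hashlib.sha256(challenge.encode("utf-8")).hexdigest()

    def issue_challenge(self, subject_cn):
        """Called after the user has authenticated; returns a one-time challenge."""
        challenge = secrets.token_urlsafe(24)
        self._pending[self._key(challenge)] = PendingEnrollment(
            subject_cn=subject_cn.strip().lower(),
            expires_at=self._clock() + self._ttl,
        )
        return challenge

    def authorize(self, challenge, csr_subject, csr_sans=()):
        """Return (allowed, reason) for a CSR presented with `challenge`.

        csr_subject: list of (attribute, value) pairs from the CSR subject DN.
        csr_sans:    subjectAltName values requested in the CSR.
        """
        # pop() makes the challenge single-use, whatever the outcome below.
        pending = self._pending.pop(self._key(challenge), None)
        if pending is None:
            return False, "unknown-or-used-challenge"
        if self._clock() > pending.expires_at:
            return False, "expired-challenge"

        cns = [v.strip().lower() for a, v in csr_subject if a.upper() == "CN"]
        # Exactly one CN, and it must be the identity the challenge is bound to.
        if cns != [pending.subject_cn]:
            return False, "subject-mismatch"
        # A SAN naming someone else is the same escalation by another route.
        if any(s.strip().lower() != pending.subject_cn for s in csr_sans):
            return False, "san-mismatch"
        return True, "ok"


def demo():
    """Run constructed enrollment attempts and return each decision."""
    now = [1000.0]                      # controllable clock for the demo
    gw = EnrollmentGateway(ttl_seconds=600, clock=lambda: now[0])
    alice = "alice@example.com"         # constructed sample identities
    out = {}

    c = gw.issue_challenge(alice)
    out["own_identity"] = gw.authorize(c, [("O", "Example"), ("CN", alice)])
    out["replay"] = gw.authorize(c, [("CN", alice)])

    c = gw.issue_challenge(alice)
    out["other_user"] = gw.authorize(c, [("CN", "admin@example.com")])

    c = gw.issue_challenge(alice)
    out["extra_san"] = gw.authorize(c, [("CN", alice)], ["admin@example.com"])

    c = gw.issue_challenge(alice)
    now[0] += 601                       # past the 600 second lifetime
    out["expired"] = gw.authorize(c, [("CN", alice)])
    return out


if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```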

But as Ted Shorter from CSS also points out in his blog article, even if the various products in use might not be directly affected, it’s important to look at the full solution, how it is implemented, and what potential risks you may have.

The Future

As the US-CERT posting highlights, the IETF Draft for SCEP has since March 2011 also mentioned other solutions such as Certificate Management Protocol (CMP) [RFC4210] and Certificate Management over CMS (CMC) [RFC5272] that have more comprehensive functionality. And “implementers are encouraged to support one of these comprehensive standards track certificate management protocols in addition to the protocol defined in this specification”.

As the market matures further with Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) I would suspect an increase in functionality and use of newer security standards and processes. With all the MDM products on the market, the top players continue to add features that they hope will differentiate themselves better.

The new folks over at Deloitte Digital have put together a nice infographic that even compares your new shiny mobile device to your toothbrush. And I know all of you out there are already using your devices while out shopping and just waiting to use NFC. :-)

More for the channel readers out there, but a quick plug for an article where I was quoted talking about the importance of MDM solutions, the changing business landscape of BYOD and also understanding all the infrastructure aspects surrounding mobile platforms today.

It’s a 20 page light read that goes in some depth about the various security processes and features within the Apple operating system. Hopefully this indicates a change of documentation from Apple and who knows what iOS 6 could bring around the corner. :-)

Distracted Driving is something even I am guilty of. Various voice solutions on the main mobile platforms are starting to assist with hands free support in vehicles, but at times it still doesn’t appear to be perfect, and it is very dangerous to do when driving down the street or highway in a half-ton moving object.

As the usage of mobile devices continues to increase, a higher number of consumers use devices while driving. This carries directly over to corporate usage, as more companies deploy mobile devices to their workforce. In the United States, increased local, state and federal legislation bans some or all use of mobile devices while driving.

At this time no state bans all cellphone use — handheld and hands-free — for all drivers. But nine ban using handheld devices; 38 states and the District of Columbia prohibit text messaging for all drivers; and 30 states and D.C. ban all cellphone use by new drivers.

In the United States several high-profile lawsuits and settlements have occurred in the past 6 months against companies that have field service personnel that were involved in driving fatalities. The position has previously been that if corporate policies were in place and acknowledged by employees, the companies could be perceived as exempt from direct liability.

A new trend appears to be emerging where policies and potential systems must be put in place to be exempt from liability.

Several solutions are now available on the market to assist corporations with various levels of distracted driving management. Examples include in no certain order or preference (ping me if you know of others):

On the consumer side, I think it will just be a matter of time before insurance companies will fully embrace this type of technology (trials are already underway), and discounts or mandates will be commonplace.

The US government has been calling Distracted Driving a dangerous epidemic since 2009, and with good cause. http://www.distraction.gov/

Another cool infographic that I recently came across. This one gives an overview on some key aspects going on with tablets in the enterprise.

Right now this is heavily dominated by the Apple iPad and the question is if they can hold Microsoft Windows 8 tablets at bay later in the year. We shall see what Apple will announce next month at their developers conference (which this year was sold out in only 2 hours!), to keep their momentum going.

As I wrote in a previous posting back on March 11th, Kyle Lagunas was doing a public survey to get more BYOD trending information. I’m a little tardy in posting this, but catching up. :-)

Employees using their own devices (smart phones, tablets, PCs) are able to use the technology they’re most comfortable with--which has a positive impact on productivity. But as anyone in IT can tell you, this has risks. To address those, some organizations are creating BYOD (Bring Your Own Device) policies that establish guidelines for proper use. Last month, Kyle Lagunas of Software Advice launched a survey to get a pulse on what companies are doing to manage employee-owned mobile devices.

The question many business leaders are asking their HR partners is: “Do we need a formal policy for managing mobile devices?” This is not an easy question to address, as it requires perspective on what employees are doing with their mobile devices. To that end, we asked a couple of questions around usage.

Figure 1: Ownership of devices employees use for work-related purposes.

The most important question when discussing BYOD, of course, is whether or not people are even using their personal devices for work-related purposes. As shown in Figure 1, the majority of employees (77%) are using their own devices to some extent--either exclusively or in addition to company-issued devices--to do work. Of course, “work-related purposes” could be something as simple as checking their email. So we wanted to gauge what else they’re doing.

Figure 2: Employee uses of mobile devices.

According to our respondents, employees are using mobile devices at a roughly equivalent frequency for personal and business use. As shown in Figure 2 above, 67% of employees are using devices for business correspondence (email, phone calls, etc.), and 44% are using their device--company-owned or not--for professional networking.

Whenever employees are using mobile devices to access company data (48%), one would think a policy with guidelines for proper use is a must. However, another survey question revealed that only 30% of respondents’ companies had a policy for managing personal mobile devices in place. Is there a disconnect here? Survey says... Quite possibly.

Will BYOD Become a Higher Priority?

Considering the majority of employees are already using personal devices for work-related purposes, we were surprised that only 12% of organizations without a BYOD policy plan to adopt one in the near future (half of those are currently developing policies). 30% of participants without BYOD policies said that instituting one wasn’t a priority, and 33% plan to modify their plans for managing use of personal mobile devices in 2012.

Security risks associated with BYOD policies continue to intimidate some--one respondent said he is “scared to death of security vulnerabilities”--but what would do more to minimize risks than to adopt an official policy? Are organizations better served by addressing issues as they arise? Or should leadership elevate mobile device policy as a priority for 2012?

I first noticed this now, but there appears to have been an update to v1.0.1 on April 17th with some new fixes that I didn’t try in my own testing previously back in March. Details are posted here: http://support.apple.com/kb/HT5233

The redemption code reusability could be huge, and I’m wondering if other MDM/MAM solutions could work in the same fashion:

The Apple Configurator 1.0.1 update is available from the Mac App Store.

This update improves overall stability and performance and addresses a number of issues, including the following:

Redemption codes for apps that contain a comma in their title can now be imported.

A redemption code may be reused to install an app on another device if the original device is unsupervised and erased by Apple Configurator, or if the app's installation did not complete on the original device.

The redemption code used to purchase an app in iTunes may also be used to install the app on one device with Apple Configurator.

The number of redemption codes remaining for an app is now displayed correctly.

Notes and bookmarks entered into iBooks and iTunes U are deleted when a backup is restored to a supervised device.

The WPA2 password is saved when editing a Wi-Fi profile payload.

The name of a stored backup is saved when edited.

The storage capacity of an 8 GB iPod touch is now displayed correctly.

The "Erase all contents and settings" checkbox on the Prepare pane has been relabeled "Erase before installing".

For the many markets, I think the co-branding and continued UI tweaks and changes done to the base models just continue to make it more difficult to support long term. We have seen this for years now, and now on various mobile OS platforms.

On top of all the other Apple news from the other week, there was also a “silent” release of a new tool called the “Apple Configurator”. Think of it as a mixture of the Apple Xcode, iTunes and iPCU applications all wrapped into one.

The current OS requirements are: Mac OS X 10.7.2 or later – thus it requires a Mac machine running Mac OS X, but not Mac OS X Server. There currently is no Windows OS support, unlike for iPCU and iTunes which do have Windows versions.

Prepare devices:
· Configure up to 30 devices at a time
· Update devices to the latest version of iOS
· Create and restore a backup of settings and app data from one device to other devices
· Import apps into Apple Configurator and sync them to new devices
· Use the built-in editor to create and install iOS configuration profiles

Supervise devices:
· Organize supervised devices into custom groups
· Automatically apply common configurations to supervised devices
· Quickly reapply a configuration to a supervised device and remove the previous user’s data
· Import apps into Apple Configurator and sync them to supervised devices
· Define and apply common or sequential names to all devices
· Restrict supervised devices from syncing with other computers

Assign devices:
· Add users and groups manually or auto populate via Open Directory or Active Directory
· Check out a device to a user and restore the user’s settings and data on that device
· Check in a device from a user and back up the data for later use, possibly on a different device
· Apply custom text, wallpaper, or the user’s picture to a device’s Lock screen
· Import and export documents between your Mac and Apple Configurator
· Sync documents between assigned devices and Apple Configurator

Installation

The installation was quick and painless. During the installation the product prompted to upgrade and install the latest iTunes 10.6 as well.

Once run after the installation, a very nice welcome screen is shown to educate you on the 3 main application functions:

I will now go in depth for each function or task.

Preferences

Before we dive into each task in the application, here is a quick review of the all-important Preferences, which can be important to configure. Access the Preferences in the application menu:

The preferences have two sections, “General” and “Lock Screen”. It is important to use the same Apple ID as configured and authorized in iTunes (Store->Authorize This Computer) on the same machine.

The “Lock Screen” settings provide some nifty features to streamline a custom lock screen wallpaper. Drag and drop a new picture, custom text, and automatic user images from the directory service connected. This can only be applied to Supervised devices.

Tip: Reclick on the “Lock Screen” tab to update the wallpaper rendering.

Prepare Devices

Click on the Prepare icon.

Tip: If you have any devices connected to the Mac, you will see a number indicator on the upper-right of the Prepare icon.

The Prepare screen has two sections, “Settings” and “Apps”. The Settings screen provides the following:

Name: Device name that will be set. Defaults to “No change”. You have the option to start at any number: just enter one and click on the “Number sequentially” tick box. Here, for example, I entered 5 and have 3 devices connected.

Supervision: Set this to OFF if you want to configure a device once. Set it to ON if you want to reapply a configuration repeatedly, and also bring the device to a known state every time it is connected. We will go into more of this in the next section.

iOS: Defaults to Latest, so you can upgrade automatically. You can choose Other, and point to a .ipsw file. The application will download the latest .ipsw automatically for every device type connected if Supervision is used.

Tip: This could be handy if you want to install a new Beta iOS. If you selected Supervision OFF, you can also select No Change. This doesn’t appear to be possible with Supervision ON.

If you are not installing a fresh iOS release, you can select “Erase all contents and settings”.

Restore: To install a backup to multiple devices, choose it from the list. Please note that “Don’t Restore Backup” will still erase all content and settings when Supervise is ON.

Tip: Set Supervision to OFF, then you can select “Back Up”, if you want to back up a connected device with no Supervision features. Otherwise you need to configure a Supervised device first. iTunes backups can also be used for un-Supervised devices.

Tip: Make a “master” device with the iOS Setup Assistant already completed, and you can then use the Prepare function with Supervise OFF to set up multiple devices with the same backup and let it install the same profiles and applications on each one.

Profiles: Here you can import an existing .mobileprofile file created previously with iPCU or “Create new Profile” right in the Apple Configurator. The v1.0 version has all the same iPCU settings as in the recent new v3.5 version. See my previous article on that here. You can also Export the profiles you have listed.

Apps: In the “Apps” section you can browse or drag’n’drop .ipa files (for example from Home->Music->iTunes->iTunes Media->Mobile Applications if you transferred purchases from a device, or an in-house developed application from Xcode).

If you add an application that is not free of charge or in-house developed, a prompt for the Apple Volume Purchase Program (VPP) voucher codes will appear:

Please note that the VPP program is still not available for all countries and requires enrollment (businesses must have a DUNS number).

Dismiss the prompt(s) and review the applications you may have added:

You can then click on the “0” icon and import your VPP vouchers purchased for the selected AppStore application. The spreadsheets can be downloaded with your VPP account at any time from http://vpp.itunes.apple.com.

Once you have imported your codes, the number will decrement as the codes are used on the devices, and you can track which device they have been used on.

Click on the Prepare apply icon at the bottom of the screen when you are ready to start!

After an “are you sure” prompt, all the devices connected through USB will be updated and you can visually see their progress status:

Any issues will be marked, and successful completion shown:

Supervise Devices

After you have Prepared your devices and have set the Supervise setting to ON, you can further manage them within the Supervise icon:

You can create groups and drag the devices into these groups. You can also add additional apps to the devices/groups:

If you have installed paid-for Apps and uploaded the VPP .CSV spreadsheet with codes, you can track and see which devices are using which codes and how many you have left:

But the really-really cool thing is that if you remove the checkmark in front of a paid app that was installed with a VPP code, the redemption code count goes back UP, and you can reinstall the paid app on another Supervised device!

Assign Devices

Last but not least of the 3 functions in the product is the “Assign” function. Here you can facilitate a check in and check out process for your Supervised devices, where the users’ data is left intact – think Windows roaming profiles.

Here you can add users and groups (even from a connected directory service) and drag and drop users in those groups.

You can assign and install documents to be used by specific users or a group of users. Click on the “+” symbol at the bottom of the 3rd panel, and choose the appropriate application that is installed on the device: (mine has several options since I imported a large number of apps; only those that support iTunes file sharing are supported)

Then browse to the files you want to be placed on each device the users are assigned to. The document is now associated with the user and will be installed when a device is checked out to that user.

When you are ready to assign and check out devices to users, click on the “Check Out” at the bottom and pair the users to the available devices. When complete click on “Check Out”:

When users return the devices, and you wish to check in the devices again, attach them to the machine running the Apple Configurator, click on the user, and click on “Check In” at the bottom. It will now transfer the files, and any changes to those files that the user had made, into a backup, so upon the next check out the files can be restored:

Unless you specified a backup in the Prepare stage as part of the device’s Supervise configuration, the user data will remain on the device until you check out the device to another user.

Using a Supervised Device

A quick verification on the Supervised device shows that the lock screen indeed has been set as configured:

It is clear that the Apple Configurator tool provides a self-signed certificate, and places a Profile on each device that is Supervised. Of more concern is perhaps that the machine running Apple Configurator and its Network MAC address are part of the certificate signature:

It is also clear that the disabled iTunes tethering does work, and here is the prompt I received when trying to tether the Supervised iPad to my iTunes 10.6 installation:

Export Information

Another useful feature in the application when in the Supervise function is to provide detailed asset information from the Supervised devices into a .CSV file:

Use Cases

In the scenario where you have users checking devices in and out, you could lock the device with profile settings so the AppStore and other functions are disabled. You would maintain the apps and the VPP codes used on all the devices in a contained environment. There would also be no need for individual Apple IDs for each user, unless they are using iTunes and other apps that require it.

Bugs

As with most new v1 applications there may be some bugs and steps to hash out.

I got some of these prompts while importing apps:

There is no detailed logging to see exactly which iOS apps are at fault in various stages in the application. You may have to guess or perform a process of elimination.

In this example I added a document to Adobe Reader, which isn’t present on the selected device:

Cautions

As with any device management system, the local database that the Apple Configurator uses is critical to your long term usage of the product. You should properly back up the Mac you use to manage all of your devices regularly.

"If you lose the Apple Configurator database, your users will retain rights to use the apps already installed on devices, and you can reimport any spreadsheets to install additional apps on devices using unredeemed codes. But if an app is deleted from a device after you lose the database, Apple Configurator will be unable to determine the device’s rights to that app, and you will need to redeem another code in order to reinstall the app."

I’m also wondering about the self-signed certificates that the devices have been set up with and assume they would have to be re-Prepared if moved to another machine running Apple Configurator.

Overall Opinion

I think Apple definitely has upped the ante on the management features they provide, above and beyond the Profile Manager features released in Mac OS X Server, and those found in Xcode, iTunes and iPCU.

It still lacks some of the larger scale enterprise features found in the various Mobile Device Management (MDM) products on the market (such as self-service Enterprise App Store, active monitoring etc), or an Exchange ActiveSync remote wipe. So it really depends on your requirements (and money budget). It could easily make sense for a small to medium sized iOS device deployment and management within a single facility.

Also if you have an educational or training type setup with a secure cart (as found from Bretford, Parat, Tribeam, or Datamation, etc) with a USB hub and connected MacBook, you can easily manage a cart full of devices with the Apple Configurator and the basic features that it can currently provide.

But if you have a larger deployment, across a more dispersed geographic area, with additional security requirements and processes around it, I would highly suggest looking at a more full fledged MDM solution. The majority can be found here in a nice public comparison: http://enterpriseios.com/wiki/Comparison_MDM_Providers, although several are still missing.

A hybrid use case could perhaps also work where non-Supervised or Supervised devices also are used with another MDM solution, but more testing is highly recommended.

Now if the special logic used to reuse VPP vouchers from one managed (Supervised) device to another could also be found in the MDM solutions on the market you could have some strong new features.. :-) Also the shared user aspects are a sore spot for many current MDM solutions. It will be interesting to see if some of these new features get carried over.

Until more and better tablet apps, and management solutions, arrive for the Android tablets, Apple may be in the driving seat for a little while longer.. Depending on the larger OEM activities (think Samsung, Motorola, etc) and pricing I think it may happen sooner than 2016..